Enhanced NAT and the TMG Firewall

The TMG firewall introduced a new feature called “Enhanced NAT”. The primary goal of Enhanced NAT is to allow the TMG firewall administrator to control the source IP address of outbound packets. With the ISA firewall, the source IP address for outbound packets was always the primary IP address on the external interface of the ISA firewall. The primary IP address is the one at the top of the list of IP addresses in the TCP/IP Properties of the NIC.

What you might not know is that this has completely changed with the TMG firewall!

The primary IP address is no longer the default source IP address for outbound connections.

In addition, the Enhanced NAT feature allows you to control which IP address bound to the external interface will be used as the source IP address for an outbound connection, depending on the source network of the originating request.

For all the cool details, check out this great article written by Philipp Sand and reviewed by Eric Detoc:

http://blogs.technet.com/b/isablog/archive/2011/03/17/tmg-enhanced-nat-considerations-when-using-the-default-ip-address.aspx?wa=wsignin1.0&CommentPosted=true#commentmessage

HTH,

Deb

DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)
“MS SECURITY”
